Business wants more fluid access to data while IT organizations must maintain security. As the diversity of users and devices, and the variety of access and multitude of threats to network resources and sensitive information have grown, so has the need for more flexible and automated ways to effectuate security policies, controls and enforcement. Rarely is this need more keenly felt than at the network endpoint, where people, technology, information assets and requirements for security and compliance meet most directly. IT consumerization and "bring your own device" (BYOD) trends have brought these issues to a head, forcing IT organizations to rethink how to enable and secure the use of managed and personal mobile devices to further business advantage.

These factors have given rise to Network Access Control (NAC) solutions for enabling a proactive approach to managing network admission and endpoint compliance risks. Today's NAC technologies are delivering that promise for many -- provided that organizations understand the considerations for a successful NAC deployment and how to recognize solutions that can address their requirements, not only to meet the needs of protecting the business, but to enable its people to continue to work efficiently.

In this paper, EMA examines the fundamentals that yield an informed approach to selecting and deploying NAC. Considered will be how today's approaches offer the means to identify and authenticate endpoint devices and offer a wide range of options for pre- and post-admission policy definition, enforcement and remediation that enable organizations to find the right balance of accessibility and security that best fits their needs.

The essentials of NAC functionality are described, along with key considerations for implementation that can produce more effective NAC results. Three enterprises that have adopted the ForeScout CounterACT solution are offered as examples of successful NAC deployments. They illustrate how comprehensive device discovery, real-time endpoint monitoring, flexible policy definition and effective control compatible with existing infrastructure answers many of the most critical requirements for guest management, endpoint compliance, mobile security and protecting sensitive information assets.